Re: How to remove pesky persistent +x bits that chmod -x won't remove

2016-05-20 Thread Warren Young 
On May 19, 2016, at 7:01 PM, Warren Young  wrote:
> 
> For what it’s worth, setfacl -bk followed by a chmod -x sometimes always 
> fixes this. 

I’ve solved this by applying that fix to the affected directory trees in bulk:

$ find foo bar baz -exec setfacl -kb {} \;

Heavy-handed, but it works.
--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

How to remove pesky persistent +x bits that chmod -x won't remove

2016-05-19 Thread Warren Young 
I think I have an ACL inheritance problem.  Here’s the scenario:

$ ls -l Protocol.md   ## Boo, bad permissions; shouldn’t be +x!
-rwxr--r--+ 1 Warren Warren 4.3K May 19 18:41 Protocol.md*

$ chmod -x Protocol.md
$ ls -l Protocol.md   ## Still +x!  Did I stutter?
-rwxr--r--+ 1 Warren Warren 4.3K May 19 18:41 Protocol.md*

$ icacls.exe Protocol.md  ## Okayyy…lots of X’s
Protocol.md NULL SID:(DENY)(Rc,S,X,DC)
MOSSYMAZE\Warren:(R,W,D,WDAC,WO)
MOSSYMAZE\Warren:(DENY)(S,X)
NT AUTHORITY\SYSTEM:(DENY)(S,X)
BUILTIN\Administrators:(DENY)(S,X)
MOSSYMAZE\Warren:(RX)
NT AUTHORITY\SYSTEM:(RX,W)
BUILTIN\Administrators:(RX,W)
Everyone:(R)

Successfully processed 1 files; Failed processing 0 files

$ icacls Protocol.md /reset  ## Nuke the X’s!
processed file: Protocol.md
Successfully processed 1 files; Failed processing 0 files

$ ls -l Protocol.md  ## Still +x!
-rwx---r-x+ 1 Warren Warren 4.3K May 19 18:41 Protocol.md*

$ chmod -x Protocol.md   ## Ah, *now* it will listen to me.
$ ls -l Protocol.md
-rwr--+ 1 Warren Warren 4.3K May 19 18:41 Protocol.md

$ icacls.exe Protocol.md ## Clear as mud
Protocol.md NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
MOSSYMAZE\Warren:(I)(F)
Everyone:(I)(RX)



I assume this is happening because something farther up the directory tree 
keeps reapplying the +x bit to this file, but I can’t see what from the icacls 
output.  Is there a tool that will give me a tree view so I can see what’s 
applied at each level?  Failing that, do I just run icacls on every parent 
directory of this file?  And then what?  I don’t think I dare /reset all 
permissions clear back to the root.

This 2-step permission fix is getting old, because the bad permissions come 
back again every time something rewrites one of the affected files.

For what it’s worth, setfacl -bk followed by a chmod -x sometimes always fixes 
this.  I’m just using icacls above because its output seems clearer, probably 
because it’s NTFS-native, not reinterpreting everything through a POSIX lens.
--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple